From: Nelson Ferreira
Date: Sun, 25 Aug 2013 18:33:44 +0000 (-0400)
Subject: Bug fix: 161 etags munges relative filenames (any path containing "..") in TAGS files
X-Git-Tag: v22.1.16~62^2
X-Git-Url: http://cgit.sxemacs.org/?p=sxemacs;a=commitdiff_plain;h=289b9d856af2c306368a38cb4771d42063a63894

Bug fix: 161 etags munges relative filenames (any path containing "..") in TAGS files

Two bugs fixed here. One was Coverity induced, but another one, the strcpy -> memmove change is a real issue regarding copying in overlapping memory.

* lib-src/etags.c (relative_filename): Correct off-by-1 error in counting down remaining bytes.
* lib-src/etags.c (absolute_filename): Change strcpy to memmove since this is a guaranteed overlapping memory copy, and strcpy is not guaranteed by POSIX to handle it properly.
  http://pubs.opengroup.org/onlinepubs/9699919799/functions/stpcpy.html
  "If copying takes place between objects that overlap, the behavior is undefined."

Signed-off-by: Nelson Ferreira
---
diff --git a/lib-src/etags.c b/lib-src/etags.c index 5271c6e..9b5756e 100644 --- a/lib-src/etags.c +++ b/lib-src/etags.c @@ -6882,7 +6882,7 @@ char *file, *dir; res_left = 3 * i + strlen(fp); res = xnew( res_left + 1, char); res[0] = '\0'; - for ( ; i-- > 0 ; res_left -= 4 ) + for ( ; i-- > 0 ; res_left -= 3 ) strncat(res, "../", res_left ); /* Add the file name relative to the common root of file and dir. */ @@ -6920,7 +6920,8 @@ char *file, *dir; while (cp >= res && !filename_is_absolute (cp)); if (cp < res) cp = slashp; /* the absolute name begins with "/.." */ - strcpy (cp, slashp + 3); + slashp += 3; + memmove(cp, slashp,strlen(slashp)+1); slashp = cp; continue; }
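
Review bot: The step in `res_left -= 3` (first hunk, the `for` loop that appends "../") is a bare literal that has to agree with both the length of the "../" string passed to `strncat` and the `3 * i` in `res_left = 3 * i + strlen(fp);` a few lines above, and the old `4` shows how easily those drift apart. With `4` the counter lost one byte more than was appended on every pass, so after the loop it understated the space left for the file name by `i` bytes. Consider deriving the size and the decrement from one definition, for example a `static const char updir[] = "../";` with `sizeof updir - 1` used in both places, and adding a short comment stating the invariant that `res_left` counts the characters still to be appended, excluding the terminator covered by the `+ 1` in the `xnew` call.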
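
Review bot: The new `memmove(cp, slashp,strlen(slashp)+1);` line (second hunk) has no comment saying that source and destination overlap, so the reason it must not go back to `strcpy` is recorded only in the commit message; a one-line comment at the call would keep a later cleanup from reverting it. The `slashp += 3;` before it is overwritten by `slashp = cp;` on the following line, so the pointer does not need to be modified at all: `memmove (cp, slashp + 3, strlen (slashp + 3) + 1);` does the same copy in one statement and matches the spacing of the removed `strcpy (cp, slashp + 3);` (space before the parenthesis, after commas and around `+`). The hunk shows only this one call; any other in-place `strcpy` in the same function would need the same treatment.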